Академический Документы
Профессиональный Документы
Культура Документы
Interpretation:
The internal audit activity is effectively managed when:
It achieves the purpose and responsibility included in the internal audit charter.
It conforms with the Standards.
Its individual members conform with the Code of Ethics and the Standards.
It considers trends and emerging issues that could impact the organization.
The internal audit activity adds value to the organization and its stakeholders when it
considers strategies, objectives, and risks; strives to offer ways to enhance governance,
risk management and control processes; and objectively provides relevant assurance.
Getting Started
This standard communicates the minimum criteria that the chief audit executive (CAE) must
fulfill in managing the internal audit activity. Reviewing the requirements related to each
element in the Interpretation may help the CAE prepare to implement this standard.
1
Implementation Guide 2000 / Managing the Internal Audit Activity
As this standard indicates, the CAE is responsible for managing the internal audit activity in a
way that enables the internal audit activity as a whole to conform with the Standards and
individual internal auditors to conform with the Standards and Code of Ethics. Thus, it is crucial
that the CAE regularly reviews the International Professional Practices Framework (IPPF) to
address the details of conformance.
Standard 2000 points out several fundamentals needed to fulfill the principle that the internal
audit activity adds value to the organization. The CAE may start by reviewing the internal audit
activitys purpose and responsibility, which is agreed upon by the CAE, senior management,
and the board and recorded in the internal audit charter. Studying the organizational chart can
help the CAE identify the organizations stakeholders, structure, and reporting relationships.
Studying the organizations strategic plan will give the CAE insight into the organizations
strategies, objectives, and risks. The risks considered should include trends and emerging
issues, such as those involving the organizations industry, the internal audit profession itself,
regulatory requirements, and political and economic situations. The CAE may gather additional
input by speaking with senior management and the board about the strategic plan.
This forethought and preparation lays the groundwork for the CAE to manage the internal audit
activity in a way that adds value by enhancing the organizations governance, risk
management, and control processes and by providing relevant assurance.
In the internal audit plan, the CAE typically defines the internal audit activitys scope and
deliverables, specifies the resources needed to achieve the plan, and outlines an approach to
2
Implementation Guide 2000 / Managing the Internal Audit Activity
develop the internal audit activity and measure its performance and progress against the plan.
According to Standard 2020, the CAE is responsible for communicating the plan, resource
requirements, and the impact of resource limitations to the board and senior management and
receiving their approval. Significant interim changes to the plan must also be communicated
and approved.
As stated in Standard 2030, the CAE must also ensure that internal audit resources are
deployed effectively to achieve the approved plan. To implement a systematic and disciplined
approach to managing the internal audit activity, the CAE considers the Mandatory Guidance
of the IPPF and establishes internal audit policies and procedures (Standard 2040). Internal
audit policy and procedure documents often are assembled into an internal audit manual for
the internal audit activity to use. The documents may include methods and tools for training
internal auditors. The CAE may require internal auditors to acknowledgement by signature that
they have read and understood the policies and procedures.
Standard 2000 introduces the CAEs responsibility for ensuring that the internal audit activity
adds value to the organization by objectively providing relevant assurance and offering
suggestions to enhance the organizations governance, risk management, and control
processes. The 2100 series of standards and implementation guides describes the
requirements and processes that enable the internal audit activity to complete these
objectives.
The CAE ensures effective management by monitoring conformance with the Mandatory
Guidance of the IPPF at both the level of the individual internal auditor and the internal audit
activity as a whole. The CAE is also responsible for implementing a quality assurance and
improvement program, as required by Standard 1300, and for implementing the methods and
tools related to the 1200 series of standards.
The CAE must also evaluate the internal audit activitys effectiveness to achieve conformance
with Standard 2000. Typically, the CAE develops metrics for evaluating the efficiency and
effectiveness of the internal audit activity. Tools the CAE may use for this purpose include
soliciting feedback through post-audit client surveys, completing annual performance reviews
3
Implementation Guide 2000 / Managing the Internal Audit Activity
of individual internal auditors, implementing the quality assurance and improvement program,
and comparing the organizations internal audit activity against contemporary internal audit
groups in the industry (benchmarking).
Because Standard 2000 requires evidence of conformance not only at the level of the internal
audit activity, but also at the level of the individual internal auditor, evidence that supports the
1200 series of standards may also be useful. This may include supervisory evaluations and
peer reviews of individual internal auditors and the CAE, with metrics tied to performance and
conformance.
Evidence of conformance with the 2000 series of standards (i.e., standards 2010 through
2070) provides additional evidence of conformance with Standard 2000.
4
Implementation Guide 2000 / Managing the Internal Audit Activity
Implementation Guides assist internal auditors in applying the Standards. They collectively address internal audit's
approach, methodologies, and consideration, but do not detail processes or procedures.
For other authoritative guidance materials provided by The IIA, please visit our website at
www.globaliia.org/standards-guidance or www.theiia.org/guidance.
Disclaimer
The IIA publishes this document for informational and educational purposes. This guidance material is not intended to
provide definitive answers to specific individual circumstances and, as such, is only intended to be used as a guide.
The IIA recommends that you always seek independent expert advice relating directly to any specific situation. The IIA
accepts no responsibility for anyone placing sole reliance on this guidance.
Copyright
Copyright 2016 The Institute of Internal Auditors. For permission to reproduce, please contact guidance@theiia.org.